CVE-2022-29110: 
vulnerability analysis and mitigation

Microsoft Excel Remote Code Execution Vulnerability (CVE-2022-29110) was disclosed on May 10, 2022. This vulnerability affects various versions of Microsoft Excel including Excel 2013 SP1, Excel 2016, and Office Web Apps Server 2013 SP1. The vulnerability is distinct from CVE-2022-29109 (NVD).

The vulnerability has received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, as assessed by Microsoft Corporation. Under CVSS v2.0, it received a base score of 9.3 (HIGH) with the vector (AV:N/AC:M/Au:N/C:C/I:C/A:C) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute remote code on the target system, potentially gaining the same level of access as the logged-in user. The vulnerability affects confidentiality, integrity, and availability of the system, as indicated by the CVSS scoring (Rapid7).

Microsoft has released security updates to address this vulnerability. The fix is available through Microsoft Update and can be obtained via the Microsoft Update Catalog. For Excel 2016, the security update KB5002196 has been released (Microsoft Support).